Friday, July 19, 2013

Trust Me, I’m With Microsoft…

Beware; scammers are cold calling households in the area and trying to scare people into giving them access to their computers and purchasing ”tech support services” that they don’t need.

I got a call out of the blue the other day from a gentleman who said he was from Microsoft. He asked me if I was Mr. Berryjooks of 1 Happy Lane, I said yes, and he proceeded to tell me (in a very heavy Indian accent) that a PC at my house, registered to my wife, Mrs. Belinda Berryjooks, was infected with a virus and was sending error messages out to Microsoft. He said not to worry though, he would help me clean things up.

I knew from the get go that the call was a hoax, Microsoft does not call customers, or keep watch over people’s computers, for that matter, but I wanted to find out what this guy was up to and how much of my info he already had, so I started stringing him along;

Me: “How do I know you’re from Microsoft, the caller ID says Out of Area 3241?”

Caller: “How would I know your name and address, and your wife’s name, if I wasn’t from Microsoft?”

Me: “Ah.., the phone book, possibly?”

Caller: “No sir, from when you registered your computers.”

Me: “My wife doesn’t have a PC, she has a Mac.”

Caller: “She must have a user account on one of the PC’s.”

Me: “Nope, hates PC's.”

Caller: “Sir, I cannot stress enough that one of your systems is very, very sick, and you are in dire need of professional help or you will be losing all of your data. It is critical that you allow me to help you immediately. Are you near one of your computers now?”

Me: “Why yes, I am.”

Caller: “Please go to the Start menu and select Run.”

Me: “OK.”

Caller: “Please type eventvwr at the run command prompt.”

Me: “Done”

Caller: “Now look through the event viewer for any errors or alerts, this is a sure sign that you have a very, very bad infection.”

Me: “There are always error and alert messages in the event viewer, it’s normal for them to be there.”

Caller: “Oh, no sir, this is a very, very bad thing. I need you to go back to the run command and type in the following, then I will be able to take control of your computer and help you clean it up before all of your files are destroyed.” He proceeds to give me a url to enter, which I won’t reprint here for fear of someone clicking on it.

Me: “Right. Who did you say you were, again?” Meanwhile, I’m doing a domain lookup on the web address he’s provided me.

Caller: “I told you, I’m with Microsoft.”

Me: “You are employed by Microsoft directly?” By now I know that the website he’s directing me to is based out of Calcutta and has no affiliation with Microsoft at all. I love the Whois command.

Caller: “Have you entered the address I gave you yet, sir?”

Me: “Nope.”

Caller: “Sir, I cannot help you if you don’t follow my instructions. This is very important. You are spreading viruses to all of your friends and family and all of their PC’s will be ruined.”

Me: “You didn’t answer my question, let me try it another way: If I call Microsoft’s main number, would I be able to reach you? Could the operator patch me through to tech support?”

Caller: “I can give you a number to call, sir.”

Me: “Not the same thing, but go ahead.”

Caller: “4XX.XXX.XXXX”

Me: “That’s not a Microsoft number.” I’d googled it as he read it to me and it came back as the number for a company called My Instant Support, which is owned by Edgesoft Technology Solutions, not Microsoft, and there is a slew of search entries about cold calls to users, mostly the elderly, who end up giving access to their computers and getting all kinds of dubious tech support charges on their credit cards, amongst other things.

Me: “Who Should I ask for when I call the number?”

Caller: “Brad Smith.”

Me: “Of course…”

Caller: “Sir, I have already spent upwards of 20 minutes talking to you and I can not waste any more of my time. You do understand that I cannot be held accountable for the horrible things that are going to happen to your computers if you do not allow me to log in and correct the problem?”

Me: “Understood, and I absolve you from all responsibility and consequence, Brad, and I thank you for alerting me to the danger I’m in. Above and beyond the call of duty, sir. By the way, what virus do I have?”

Caller: “The Trojan virus, sir.”

Me; “Which Trojan virus, Brad? There are many.”

Caller: “The Trojan virus, sir. I cannot help you if you don’t allow me access and have already wasted too much time on this call. Goodbye!”

*click*

Brad was definitely annoyed, and seemed to have finally grasped the fact that I was shining him on. This gave me great pleasure, but it wasn’t the end of my dealings with them…

Yesterday a different Brad Smith called me, same heavy Indian accent and same spiel. This time I stopped him midsentence by saying: “Wait, don’t tell me… you want me to check my event viewer and then give you access to my computer, right? And you don’t really work for Microsoft, you work for My Instant Support, and you are not calling on Microsoft’s behalf at all, correct?”

Brad Number Two: “ah, er.., *click*”

Damn, I lost him. Musta been a bad connection…

So, the takeaways here are:

Microsoft will never, ever call you at home.Entries in your event viewer are normal, there should be alerts and warnings in there.Never, ever give anyone you don’t know any personal information, especially over the phone.Never, ever, give anyone you don’t know access to your PC’s.

These guys walk a fine line, they insinuate that they are calling on behalf of Microsoft to gain your trust, but it’s actually a carefully crafted script. When pressured, they will admit that they work for a Microsoft certified company, which only means that they are qualified to work on Microsoft products. It does not mean that Microsoft has hired them to contact you, and there is no way they are receiving error reports from your system.

There are posts from PC users worldwide complaining about these people, and all kinds of stories about large and repetitive charges on the credit cards of people foolish enough to believe them and give them access. Lord knows what type of malware is getting installed at the same time by these guys, or what data they may be stealing from the users.

Microsoft warns about these calls in their forums and recommends reimaging the PC and changing all your passwords (Computer, Bank, Credit Cards, etc.) should you fall prey to one of these schemes.

Do NOT fall prey to this scheme.

You can end up in a world of hurt if your accounts and personal information are compromised, I repeat, a world of hurt.

They seem to be targeting the Massachusetts area right now; I’ve seen a lot of entries in the local police blotters about people reporting similar calls. Probably just working their way through the local phone listings and they'll move on to another area soon. We can all help to move them along by not cooperating, and/or making their day as unpleasant as possible.